package com.oceansoft.mobile.biz.admin.controller;

import static com.oceansoft.mobile.common.Constant.AUTHORITY;
import static com.oceansoft.mobile.common.Constant.GLOBAL_ADMIN_SESSION;
import static com.oceansoft.mobile.common.Constant.GLOBAL_SERVICE;
import static com.oceansoft.mobile.common.Constant.GLOBAL_SESSION;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.annotation.Resource;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.oceansoft.mobile.biz.admin.entity.Auth;
import com.oceansoft.mobile.biz.admin.entity.Profile;
import com.oceansoft.mobile.biz.admin.entity.SysUser;
import com.oceansoft.mobile.biz.admin.service.ISysUserService;
import com.oceansoft.mobile.common.Constant;
import com.oceansoft.mobile.common.base.entity.Result;
import com.oceansoft.mobile.weixin.core.CoreServlet;

@Controller
@RequestMapping("profile")
public class SysProfileController {
	private static Logger log=Logger.getLogger(CoreServlet.class);
    @Resource
    private ISysUserService sysUserService;


    @RequestMapping("login")
    public String login() {
        return "admin/profile-login";
    }

    /**
     * 用户登录认证
     *
     * @param profile 账户概要信息
     * @param session 会话SESSION
     * @return Result
     */
    @ResponseBody
    @RequestMapping(value = "auth", method = RequestMethod.POST)
    public Result loginAuth(Profile profile, HttpSession session) {
    	
    	if(null==profile||profile.getLoginId()==null||profile.getPassword()==null){
    		 return new Result(Result.FAILURE, "登录失败！");
    	}
    	Result result = sysUserService.loginAuthen(profile);
    	SysUser user=(SysUser)result.getData();
    	
    	
    	if(null!=user){
    		getRoleAuth(session, user);
    		
    		if(user.getRole_id()==Constant.ROLE_SUPER_ADMIN){//如果是超级管理员
                session.setAttribute(GLOBAL_ADMIN_SESSION, result.getData());
                return result;
    		}else if(user.getRole_id()==Constant.ROLE_MERCHANT_ADMIN){//如果是商家管理员
                session.setAttribute(GLOBAL_SESSION,result.getData());
    		}else if(user.getRole_id()==Constant.ROLE_MERCHANT_CUSTOMSERVICE){//如果是商家客服人员
                session.setAttribute(GLOBAL_SERVICE,result.getData());
                session.setAttribute(GLOBAL_SESSION,result.getData());
    		}
    		return new Result(Result.SUCC2,true, "商家成功登陆");
    	}
       return new Result(Result.FAILURE, "登录失败！");
    }

	private void getRoleAuth(HttpSession session, SysUser user) {
		//根据用户查询角色权限
		Map<String, String> auth = new HashMap<String, String>();
		List<Auth> list =sysUserService.loadAuth(user.getAuth_id());
		if(null!=list&&list.size()>0){
			for (Auth au : list) {
				auth.put(au.getResource(),au.getResource());
			}
		}
		session.setAttribute(AUTHORITY, auth);
	}
    
    /**
     * 角色替换（管理员代替商家进行业务操作）
     *
     * @param merchant_id 商家编号
     * @param session 商家编号
     * @return String
     */
    @ResponseBody
    @RequestMapping(value = "roleas/{merchant_id}", method = RequestMethod.POST)
    public Result roleAs(@PathVariable("merchant_id") long merchant_id, HttpSession session) {
    	SysUser user= sysUserService.loadSysUserByMerchantId(merchant_id);
        if (null != user) {
        	getRoleAuth(session, user);
            if (Constant.MERCHANT_STATUS_INVALIDATE == user.getStatus()) {
                return new Result(Result.FAILURE, "当前用户已锁定，无法进行角色替换操作");
            } else {
                session.setAttribute(GLOBAL_SESSION, user);
                return new Result();
            }
        } else {
            return new Result(Result.FAILURE, "用户不存在");
        }
    }

    /**
     * 用户注销
     *
     * @param session 当前登录用户SESSION信息
     * @return String
     */
    @RequestMapping(value = "logout", method = RequestMethod.GET)
    public String logout(HttpSession session) {
        session.setAttribute(GLOBAL_ADMIN_SESSION, null);
        session.invalidate();
        return "redirect:/profile/login";
    }
}
